Here at Dunnell Accounting, we understand how important your privacy is and that is why we never compromise the security and safety of your data including those who visit our website. We believe personal privacy is significant and your personal information will never be given out to others and only those within our company will use your data to provide you with the agreed contractual services.
We also understand that not only should we follow and abide by with the below regulations, but we must also be able to prove and demonstrate that we constantly use the regulations and never compromise our client’s consent and preferences. This privacy policy details how we store, share, and destroy your data so please read this carefully ensuring you understand every aspect of it. If you have any questions, please do not hesitate to contact us on the below contact details.
Our contact details:
Email: info@dunnellaccounting.co.uk, Melanie@dunellaccounting.co.uk, Demi@dunnellaccounting.co.uk
Address: Studio 20, 14 Feathers Place, Greenwich, London, SE10 9NE
Contact numbers: 0203 6211662, 07837755002, 07494131363
Main contact for data protection matters: Melanie Hall, Melanie@dunnellaccounting.co.uk, 07837755002 and 02036 211660
VAT Number: 324413142
What type of information we have:
Once a client has been onboarded, we request every piece of relevant information regarding either themselves if they are self-employed or the company we have taken on. This would include all documents which hold any form of information capable of identifying the individual or company because of what is stated.
However, the amount of information we obtain about you would depend on the services we offer you and this would include:
Individual information: Title, full birth name, gender, date of birth and copies of both passport and utility bill for proof of identification
Contact details: Home & work address, telephone & mobile numbers, email address(s) and billing address
Business/financial information: Bank account, credit/debit card details, UTF number, NI number and government gateway logins.
Communications & Promotional campaigns: Personal preference on how you would like us to contact you regarding our marketing and campaigns
Technical information: IP address, usage data, social media handles, website domains and how you access our website
Who do we give access and share your information with:
We will never rent or sell your information to third parties without your consent and only staff within our company can use or access your data for your services purpose. Our staff have a duty of confidentiality under the Data Protection Act 2018, which we follow and abide by to ensure your data is only used to your consent. On certain occasions, we may have to use your data on your own behalf to complete our contracted service, which sometimes requires third parties’ involvements; for example, third parties may include HMRC and ICO.
What the current law states about data protection:
The General Data Protection Regulation is always taken into consideration when dealing with individuals personal and confidential information.
The regulations apply to how we process and collect data, and these are the key aspects as a business we must follow that the General Data Protection Regulation states:
Lawfulness & transparency: Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject
Accuracy: Personal Data shall be accurate and where necessary, kept up to date
Accountability: The controller shall be responsible for, and be able to demonstrate compliance with the General Data Protection Regulations
Purpose limitation: Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
Integrity and confidentiality: Personal data shall be processed in a manger that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical and organisational measures
Storage limitation: Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed
Data minimisation: Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed
When do we collect your data:
We only collect information and data about someone if they have directly requested services from us or have contacted us via phone, email, post, or out online website form. Public online registers which hold a list of different companies’ information such as Companies House may also provide us with some insight and information about a client, but information found on that website will only be used where we feel necessary and where we are legally permitted to in order to complete our services and conduct our work.
Why do we require all your relevant data:
Under the General Data Protection Regulation, we will only ever use your data and information for the below purposes:
-
To conduct a service for you that we both contracted
-
That we have to comply with relevant legal or regulatory obligation
-
To perform legal tasks on your behalf with third parties
-
We have legitimate interest in your information
-
There is a legal obligation to hold your data for future services
How we get your information:
In order to build up a client profile, we require all relevant information regarding an individual or company. If you are a current or past client and wish to withdraw your information from our company’s data base, then please contact us as soon as possible on the above contact details.
In order to work with us and for us to deliver your services efficiently and professionally, we have a legal and contractual obligation to collect information and data about a client by these methods for example:
Direct contact: By completing our online contact form on our website and communicating with u over email, phone, mail or in person, we are collecting the information about you and already creating a client or potential client file about you in order to comply with the ICO’s regulations
Online/technical interaction: By browsing our website, we collect cookie information if you accept them and this details to us about your equipment and how frequent you view our website on what device and when
Postage method: During a client meeting, they may hand over their documents and files in person or they all have the option to send the information over email or posting it to our office address
Updating your information:
To ensure we provide you with the highest quality services, it is important for us to keep your data and information updated. We may review your documents we hold and rectify where necessary if we believe appropriate. Due to the majority of our services being completed monthly, quarterly or yearly we request that you keep us up to date with the current outlook of your data and inform us if anything has changed or been revised or updated. Outdated and prior information is not useful to us and may prevent and deter us from completing your services on a regular basis. In order to give us your most recent or updated information, if you feel necessary, please contact us on the contact details listed in this policy at the beginning.
How we process your information:
Once an agreed contract has been signed, we will only use your data and information per how we agreed and how we are legally permitted to. Instances in which we will use your information are:
To provide you with the services we offer, and you consented to, such as Bookkeeping, Corporation Tax Returns, Payroll, Personal Tax Returns, Dormant Company Accounts, VAT Returns, Cashflow forecasts, Confirmation Statement and Annual Accounts
-
Contact you via telephone, email, or mail
-
Preserve and retain our records
-
When we are required to conduct a legal obligation or requirement
-
Process financial transactions
-
Carry out legal obligations on your behalf
-
To update our client records and client systems
-
Contacting HMRC
-
Management and admin purposes
How we store your information:
Here at Dunnell Accounting, we aim to be a paperless office so the majority of our documents we have about our clients are on the Microsoft cloud-based system Box. This system allows us to edit, save, share and upload files by scanning them into our computer. Only for specific clients we have paper folders for them within our office, but these are kept in a locked fireproof cabinet and can only be accessed by those in the company with a key. If they request for us to dispose of their documents after we have completed their services, we then shred them to ensure they destroyed and that no one else can get hold of them or have access to them due to confidentiality and security. In addition to that, a client may send over their files by post, receipts for example, for us to complete their services and then request to have them sent back so those types of data will never be kept in the office and will be sent straight back to them via secure delivery by Royal Mail’s special delivery.
How we may communicate with you:
Your personal data and information may be used in certain instances when we feel like or have to contact you. This may include sending you occasional newsletters regarding our services or company in general, updates about your contracted services and other marketing correspondences. Marketing is important to us as we strive to have a good relationship with all of our clients and communicate regularly however if you wish to opt out of our marketing communications, follow the opt out actions on any of the messages from us or contact us at info@dunnellaccounting.co.uk or 02036211660. Despite this, opting out of our marketing communications does not apply or prevent us from communicating regarding your services we are legally contracted to provide you with or any other significant updates we are required to inform you on.
How long we keep your data:
We hold all our current client’s information for as long as they are still a client of ours and once a client has withdrawn from our company, their files will be moved to the Old client’s folder and will only be held there for a brief period of time after they have left us. In certain circumstances, we may have to retain certain client files with us in order to comply with legal, regulator, tax or accounting regulations and we will notify the client if this is the case for their information. If, for example, a client has had previous complications and problems when dealing with us and they are no longer a client, then their files will most likely be kept for a short period of time in order to prevent any future difficulties or challenges arising for our business. In other circumstances, we may also have a legitimate reason as to why we may keep client’s records for longer than usual if we feel necessary or believe there could be a possibility of litigation or legal action in the future. In order to determine the appropriate period of time we retain your information for, we will have to identify the following:
-
The amount of data
-
Importance and value of data
-
Nature
-
Risks associated with the data
-
Purpose of keeping the data
-
Whether we can complete the services through other means
Data Security:
We understand that you put your faith and trust into us and have confidence when it comes to your personal information, so that’s why we take every measure to ensure that your data will be safe and secure in our hands. In order to do so, we take excessive procedures to prevent your files from being lost, stolen and damaged.
Here are just some of the following measures we take to protect your personal data:
-
All software, folders and websites we use are encrypted with logins: Those within the business are the only individuals who have access to your information, and this is granted to them with a username and password login when they start their employment with us. They are informed and aware that they should not share or expose these logins to anyone outside the company or third parties. If, for example, an employee breaches this duty of confidentiality then there will be consequences for them as they have been made aware of our responsibility to ensure your data is protected and in safe hands but if this is the case, then you will be notified and made aware of this as we are legally required to do so.
-
Sending documents with a reputable delivery courier: By using Royal Mail to return documents back to clients, we have confidence that they will not compromise or jeopardise our privacy. The majority of our deliveries are sent using special delivery and we notify the client that their files are being returned in order to prevent them from being lost or misplaced.
-
We use a fireproof and locked cabinet: Although most of our client’s data is held online on a cloud software and we try to be a paperless office, we do keep some paper files for certain clients in the office. Because of this they are kept in a fireproof and locked cabinet to guarantee they will always be secure and are kept protected.
-
Office security: After everyone has left the office at the end of the day, the office is locked and, in a code, protected building. When someone leaves for lunch and no one is in the office it is again locked, as we like to ensure no authorised individual has access to our office when we are not around. In addition to that, the only other individual who has a key to the office and is not a Dunnell Accounting employee, is the cleaner. Once she has finished, she makes sure to lock the office afterwards and she has no intention of compromising our client files protection and security.
Your data protection rights
Under the current data protection laws, as an individual you have rights for your data and information held by us. Yours rights however will differ depending on how we process your information and the lawful basis on that we do so. Under our current rules and regulations, you will not be required to pay a fee to access any of your data however if we believe any of your requests are excessive or unnecessary regarding your information then we have the authority to charge a small reasonable fee.
If you wish to exercise any of these rights you have, then please contact us as soon as possible on the contact details stated in this policy and we will attempt to complete your request within one month. These rights include:
Access: Once you have provided us with your data, at any time you can request to have access to all the information that we hold about you and this means you can also check to identify if we are lawfully processing it to your standards.
Rectification: If at any time you believe your data that we process is inaccurate or wrong, you have the right to request correction from us and therefore we may need to verify the added information you provide us with from now on in order to prevent amendments needed in the future.
Erasure: If we hold information which you believe is no longer required or needing processing, you can ask us to delete and remove the data at any time. However, under some circumstances, we may be legally required to retain some information even if you ask for erasure, but if this is the case for you, we will always notify you.
Restriction of processing: Restriction means you have the right to ask us to restrict the course of us processing your data if you believe the following, (a) the data you provided us with is inaccurate, outdated or wrong, (b) we used the data unlawfully but you don’t want it erased and (c) you want to exercise and establish your legal rights.
Withdraw consent: If at any time you feel the need to object us processing your data that you gave us without any reasoning, you have the right to do so under the Data Protection regulations. This means if you have withdrawn your consent, we will then be able to provide certain services to you and if this is the case for then please let us know beforehand so we can prepare and prevent us from carrying out services which require your consent. Despite this if there are any significant legitimate legal reasons for us to continue using your consent to process your data, then this will override your right to withdraw but we will always notify you if this is the case.
Data portability: You have the right to request the transfer of your data to another organisation if you feel necessary and this means we will send your files over to the third party in a commonly used machine-readable format.
Changes and amendments to our Privacy Policy:
This Privacy Policy is reviewed and updated regularly in order to ensure it complies with the Data Protection Act 2018 and so that we only inform you with accurate and reliable information when reading this Privacy and Data Policy of ours. There is a general rule stating that this policy should be reviews every 1 to 3 years however we believe it would be more effective and beneficial to review it annually as the regulations and current law are subject to change often.
How to complain:
We seek to resolve all issues straight away if an individual has a problem with us or the way we use their data so if you have concerns, complaints or criticisms, please don’t hesitate to contact us on our contact details listed in this privacy policy. We aim to settle all matters within one month from the day you complain to us however we can’t guarantee this to be completely resolved within the month so if unfortunately, we don’t, feel free to contact the Information Commissioner’s Office with these contact details:
Information Commissioner’s Office
Wycliffe House
Water Lane
SK9 5AF
Helpline number: 0303 123 1113
This Privacy and Data Policy has been reviewed by:
Melanie Hall
Director of Dunnell Accounting
18/02/2020